> > The 'Manifest' file committed by developers contains ONLY 'DIST'
> > entries. Every git action you do on your local tree would detect other
> > changes.
> If it's free from any security flaws, then it's apparently win-win situation
> (a'ka "why store something that is already there - non-distfiles hash").
> Issue related to Manifests needs to be solved somehow to fully gain from git
> transition.
> Still, what about git overlays that cannot utilize rsync method? This way they
> are no longer compatible with package manager and such method cannot be
> applied. It would be nice to have some common but working solution (if
> possible that is).

The overlays stay as git when they are on the user's systems. The
Git->rsync Manifest translation is ONLY relevant if you want to generate
an rsync tree from a Git tree.
So the Manifests in the Git-based overlay contain ONLY DIST lines. 'git
status' will tell you about files that are changed and don't match the
Git index anymore. (For the sub-case of worrying about mtime being
unchanged, see the 'assume unchanged' and core.ignorestat in the
git-update-index documentation.

> And of course even gentoo-x86 cannot be just cloned and used as PORTDIR,..
> unless, hmm, Manifests are fetched and then "fixed" (regenerating missing
> manifests lines) on "client side" using git hooks and updated (stripping non-
> DIST digests) and then commited using git hooks.
> Is it possible?

It can be cloned just fine.
Remember that Portage will only verify hashes that exist in the file. If
they aren't in the file, they don't get verified. The fix you describe
is unneeded.
To just use the Git tree on the client side, you'd want a verification
as follows:
1. Clone the tree
2. Set core.ignoreStat in .git/config
3. Run 'git status $FILENAME..' for every file you want to verify. [1]
4. Fetch distfiles.
4. Use the Manifest file (which contains only DIST) to check distfile.
5. All good, you can unpack and build now.
[1] This can be done ahead of time including verifying a gpg-signed commit.
The 'git status' is just to make sure that your on-disk copy matches the
git index still.
--
Robin Hugh Johnson
Gentoo Linux Developer & Infra Guy
E-Mail : robbat2@g.o
GnuPG FP : 11AC BA4F 4778 E3F6 E4ED F38E B27B 944E 3488 4E85